Internet Society and the African Union Commission unveiled a new set of Guidelines on 9th May 2018 at the Africa Internet Summit in Dakar Senegal, that highlights how privacy protection and the responsible use of personal data are critical factors in building greater trust online and in advancing the digital economy in Africa

In 2014, African Union (AU) members adopted the African Union Convention on Cyber Security and Personal Data Protection (“the Convention”) AU Ministers in charge of Communication and Information and Communication Technology (CICT) and Postal Services confirmed their commitment to the Convention in the African Union Specialized Technical Committee on Communication and ICT Ministerial Declaration.

The Guidelines were created with contributions from regional and global privacy experts, including industry privacy specialists, academics and civil society groups. The Guidelines emphasize the importance of ensuring trust in online services, as a key factor in sustaining a productive and beneficial digital economy. They also offer guidance on how to help individuals take a more active part in the protection of their personal data while recognising that in many areas, positive outcomes for individuals depend on positive action by other stakeholders.

The Guidelines set out 18 recommendations, grouped under three headings which include; two foundational principles to create trust, privacy, and responsible use of personal data, eight recommendations for action by the following stakeholders: governments, policymakers, Data Protection Authorities (DPAs) and Data controllers and data processors.

The guidelines also have eight recommendations on; multi-stakeholder solutions, Wellbeing of the digital citizen and enabling and sustaining measures. Among the key recommendations for governments is that they should respect and protect individuals’ rights to privacy online and offline as they should empower the digital citizen, and ensure the online environment is trusted, safe, and beneficial to all stakeholders.

Central to the Guidelines are its essential principles relating to online personal data protection:

  • Consent and legitimacy
  • Fair and lawful processing
  • Purpose and relevance of data
  • Management of the data lifecycle (retention, accuracy, deletion)
  • Transparency of processing
  • Confidentiality and security of personal data

As data continues to be created and stored continues to grow at unprecedented rates, it is important for measures on data protection to increase. There is also the need to control how personal information is used by organisations, businesses or even the government.

Read more about the guidelines here.